配置nginx支持Https一定要先使用stop停止nginx然后重新代开不能使用reload
一:安装letsencrypt
1.从git上克隆下来
git clone https://github.com/letsencrypt/letsencrypt.git
2.切换到letsencrypt中
cd letsencrypt/
执行以下的命令(A/C)
./certbot-auto certonly --standalone --email 邮箱 -d 网址
成功后返回结果
二:nginx配置
server {
listen 80;
#强制从http跳转到https
server_name 域名;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
#暴露给外部访问的端口
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/域名/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/域名/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name 域名;
charset utf-8;
location / {
include uwsgi_params;
#外部访问80就转发到内部8000
uwsgi_pass 127.0.0.1:8000;
}
}
网友评论